package org.dingyom.gift.config;

import org.dingyom.gift.constants.GiftResourceConstants;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

public abstract class BaseResourceServiceConfig implements ResourceServerConfigurer {
    @Value("${oauth2.resourceId}")
    private String resourceId;

    //类不实现 但是子类要实现
    @Override
    public abstract void configure(HttpSecurity httpSecurity) throws Exception ;


    @Bean
    public TokenStore tokenStore(){
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        //设置JWT签名密钥。它可以是简单的MAC密钥，也可以是RSA密钥
        converter.setSigningKey(GiftResourceConstants.SIGN_KEY);
        return converter;
    }
    @Override
    public void configure(ResourceServerSecurityConfigurer configurer) throws Exception {

        //核心在配置校验地址
        configurer.resourceId(resourceId)
                .tokenStore(tokenStore())//JWTtoken方式 不需要远程校验
                //.tokenServices(resourceServerTokenServices())//非jwttoken方式,远程校验token的方式
                .stateless(true);

    }

}
